Friday, July 23, 2021

Millions of HP, Samsung, Xerox Printers are Vulnerable to 16 year old bug

A 16-year-old security vulnerability in a printer driver used by millions of HP, Samsung, and Xerox printers allows attackers to gain admin rights on systems that use the vulnerable driver software.

According to the researchers, some HP, Xerox, and Samsung printer models contained vulnerable driver software, sold worldwide since 2005. 

Tracked as CVE-2021-3438 (CVSS score: 8.8), the issue concerns a buffer overflow in a print driver installer package named “SSPORT.SYS” that can enable remote privilege and arbitrary code execution. Hundreds of millions of printers have been released worldwide to date with the vulnerable driver in question.

As the researchers discovered, the buggy driver automatically gets installed with the printer software and will be loaded by Windows after each system reboot.

“This makes the driver a perfect candidate to target since it will always be loaded on the machine even if there is no printer connected,” the researchers say. 

However, there is no evidence that the flaw was abused in real-world attacks.

Successful exploitation requires local user access which means that threat actors will need to first get a foothold on the targeted devices.

The vulnerable function in the driver accepts data without validating the size parameter, which could theoretically allow attackers to overrun the driver’s buffer.

The issue was reported to HP by threat intelligence researchers from SentinelLabs on February 18, 2021, following which remedies have been published for the affected printers as of May 19, 2021.

Local attackers could escalate their privileges to a SYSTEM account and run code in kernel mode to perform actions including tampering with a target machine. However, SentinelLabs says it did not invest time in finding a way to weaponize the bug on its own, and that a successful exploit may need a chain of vulnerabilities.

Once that foothold is achieved, they can abuse the security bug to escalate privileges in low-complexity attacks without requiring user interaction.

Update Your Drivers ASAP

In a security advisory, HP said impacted models include the HP LaserJet, Samsung CLP, Samsung MultiXpress, and Samsung Xpress series.

A list of affected printer models using the vulnerable driver can be found in HP’s security advisory and this Xerox security mini bulletin.

“Some Windows machines may already have this driver without even running a dedicated installation file, since this driver comes with Microsoft Windows via Windows Update,” the researchers added.
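Because the driver can be present and loaded even where no printer software was ever installed, a host-level inventory is the practical first check. The script below is an added example, not code from the article, the researchers, or the vendors' advisories; the two search directories are assumptions, since the article gives only the file name SSPORT.SYS.

```powershell
# Added example: inventory a Windows host for the SSPORT.SYS driver.
# Assumption: the file is named ssport.sys and sits in System32\drivers or
# the DriverStore; the article names the driver but not its path.
$driverName = 'ssport.sys'

# 1. Kernel driver services whose image path ends in the driver file name.
#    State shows whether it is loaded now; StartMode shows how it is loaded.
$services = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -like "*\$driverName" } |
    Select-Object Name, State, StartMode, PathName

# 2. Copies of the file on disk, including staged driver packages.
$roots = @(
    "$env:SystemRoot\System32\drivers",
    "$env:SystemRoot\System32\DriverStore\FileRepository"
)
$files = Get-ChildItem -Path $roots -Filter $driverName -Recurse -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [pscustomobject]@{
            Path        = $_.FullName
            FileVersion = $_.VersionInfo.FileVersion
            LastWrite   = $_.LastWriteTimeUtc
            SHA256      = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            Signer      = $sig.SignerCertificate.Subject
            SigStatus   = $sig.Status
        }
    }

# 3. Report. A file on disk with no matching service is still worth recording:
#    it may be a staged package that a later printer install would activate.
if (-not $services -and -not $files) {
    Write-Output "No $driverName found on $env:COMPUTERNAME"
} else {
    Write-Output "Findings for $driverName on ${env:COMPUTERNAME}:"
    $services | Format-List
    $files | Format-List
}
```

Compare the reported file versions against the fixed versions listed in the HP and Xerox advisories; the article itself does not state them.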

This is not the first time security flaws have been discovered in old software drivers. Earlier this May, SentinelOne revealed details about multiple critical privilege escalation vulnerabilities in Dell’s firmware update driver named “dbutil_2_3.sys” that went undisclosed for more than 12 years.

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.
